Thomson Reuters Collected and Leaked at Least 3TB of Sensitive Data

Thomson Reuters, a multinational media conglomerate, left an open database with sensitive customer and corporate data, including third-party server passwords in plaintext format. Attackers could use the details for a supply-chain attack. Cybernews: The Cybernews research team found that Thomson Reuters left at least three of its databases accessible for anyone to look at. One of the open instances, the 3TB public-facing ElasticSearch database, contains a trove of sensitive, up-to-date information from across the company's platforms. The company recognized the issue and fixed it immediately. Thomson Reuters provides customers with products such as the business-to-business media tool Reuters Connect, legal research service and database Westlaw, the tax automation system ONESOURCE, online research suite of editorial and source materials Checkpoint, and other tools. The size of the open database the team discovered corresponds with the company using ElasticSearch, a data storage favored by enterprises dealing with extensive, constantly updated volumes of data.

Re:

[Opportunist]

Well, anyone who had a fast enough link to download the info, obviously.

All leaks can be accounted

[ElitistWhiner]

Stupidity is the bottom denominator, when juicy stuff has to get loose.

Re:

[Tablizer]

> Stupidity is the bottom denominator

It's not "stupid" from the top's perspective, The decision makers rarely are punished enough by such breaches to take their focus off profits-first. They will often move on to a new company when bleep happens.

The orders to skimp are usually verbal such that there's no written trail to bust them on. They just point fingers at other executives such that juries can't make heads or tails of what actually happened and so have to either acquit or assign nominal punishment.

Not Surprised.

[splutty]

Having worked with TR products, I am very much not surprised they missed basic things.

Even their very popular stuff is.. Wonky at best, almost unusable at worst.

Re:

[cob666]

I worked at Thomson Financial Services back in the early 90s on a product called 'First Call' which was pretty popular at the time and still exists as some other product. They ran a tight ship back then with a lot of focus on customer service and support. Security was a big concern back then as well but that was really pre-web so data accessibility was limited.

Re:

[Njovich]

That's closer to the Vietnam war than it is to the present day, gramps.

Re:

[splutty]

The one from the last decade certainly isn't that.

Simple example, they'd just roll out an update without notifying anyone, which changes their proprietary format, and thus breaks all downstream processing.

Three times. In a year.

Re:

[q4Fry]

Thomson Reuters: Move facts, Break pings.

Re:

[tlhIngan]

Having worked with TR products, I am very much not surprised they missed basic things.

Even their very popular stuff is.. Wonky at best, almost unusable at worst.

Except they do make the popular UFile tax software for Canadians which for personal taxes is extremely popular due to its low cost ($20) unlike say, QuickTax which comes in a half dozen versions depending on what tax forms you need to file, starting with a basic version for $20. (Officially it's like $23, but is discounted to $20 so often during tax

Where is the torrent

[kyoko21]

So where is the torrent hosting said data? lol!!!